Multi-Factor Authentication

Agilysis implemented Okta’s multi-factor authentication tool to provide an additional level of security for client’s 25,000 employees that had ‘payment elections’ enabled in Workday Payroll.

Okta was deployed in front of Workday, so that any employee that needed to make a Payroll related update in the system, such as revising payment elections, would be required to authenticate identity from a number of knowledge or possession factors. Moreover, this two-factor authentication was used only for critical updates, but not for activities such as viewing paystubs, so as not to create an unnecessary burden on the employees.

The Okta MFA was configured to use the following Multi-factor Authentication factors:

    • • Email authentication with onetime passcode
    • • Security Question
    • • Voice call authentication
    • • Text message authentication
    • • Push notification to Mobile app

    The implementation of Okta with Workday involved the following:

    • 1.Development of APIs:
      • • Developed a custom RaaS API with list of custom fields, generated URL and credentials that were shared with Okta to allow them to import employee population from Workday.
      • • Developed a Core connector – Okta template Integration to enable Okta API endpoint URL with required credentials.
    • 2.Configuration of SSO:
      • • Configured two Single Sign-On links to Okta with authentication based on the Employee ID (Named Identifier) along with X509 Certificate
        • • Payment Elections
        • • Security Settings (Okta)
    • 3.Tenant Security Setup:
      • • Enabled Okta IDP in Workday
    • 4.Configuration of Step-up:
      • • Enabled Step-up to have MFA when the employee selects Payment election on Pay Worklet.
    • 5.Configuration of Onboarding BP:
      • • Added a to-do task in the Payment elections Worklet that will take the user back to Okta to enter multi-factor authentication.

    The entire project took about six weeks with critical inputs from Okta, Client’s Business and Technical teams.


    Just for reference:

    (Original Version provided by Dhanush)

    Scope: The scope of this application is to provide step up authentication as a second level security in Workday. All US and PR employees who has Payment elections enabled in Workday Payroll. This application will be a responsive app and can be viewed in any device (desktop, tablet and mobile).

    Requirement:

    • • Add additional level of Security in Payment election within workday
    • • Provide Multifactor Authentication factors: Factors to include
      • • Email authentication with onetime passcode
      • • Security Question
      • • Voice call authentication
      • • Text message authentication
      • • Push notification to Mobile app

    Development Work:

    • b) API:
      • • Developed a custom RaaS API with list of custom fields and generated URL and credentials and shared the same to Okta to let them import US and PR population from Workday.
      • • Developed a Core connector – Okta template Integration to enable Okta API endpoint URL with required credentials.
    • c) SSO Configuration:
      • • Configured two Single Sign-On links to Okta and Authentication has been done based on the Employee ID (Named Identifier) along with X509 Certificate
        • • Payment Elections
        • • Security Settings (Okta)
    • d) Tenant Security:
      • • Enabled Okta IDP in Workday
    • e) Step-up:
      • • Enabled Step-up to have MFA when the employee selects Payment election on Pay Worklet.
    • f) Onboarding BP:
      • • Added Payment elections to-do task that will take user back to Okta to enter MFA.